WordPress Plugins and Themes with Known Issues

A list of WordPress plugins, themes, and functions that are not supported and/or require workarounds.

Contributors: Aleksandr Korolyov, Carl Alberto.

Discuss in our Forum Discuss in Slack

This page lists WordPress plugins, themes, and functions that may not function as expected or are currently problematic on the Pantheon platform. This is not a comprehensive list (see other issues). We continually update it as problems are reported and/or solved. If you are aware of any modules or plugins that do not work as expected, please contact support.

We do not prevent you from installing and using these plugins or themes. However, we cannot provide support for incompatible plugins and themes, or if they are used against the guidance provided here.

Plugin & Theme Maintainers: If your work is listed here, please reach out to us. We're happy to help provide information that can lead to conflict resolutions between your code and the platform.

If your work is already updated but still listed here, let us know so we can remove it, or submit a pull request.

Assumed Write Access

Some plugins and themes are built on the assumption that the CMS has write access to the entire filesystem. While this is usually true of standard LAMP/LEMP stack server configuration, Pantheon and other specialized platforms do not. This can result in runtime errors when the software can't write to locations in the codebase in Test and Live environments.

See Use the Pantheon WebOps Workflow for more information on how Pantheon differentiates "code" from "files".

The solution to these issues is usually to create a symlink from the plugin's expected write location to a location in the writable filesystem (/sites/default/files for Drupal, wp-content/uploads for WordPress). This process is detailed in Using Extensions That Assume Write Access.

The following is a list of plugins that assumes write access, and the specific file or folder that needs to be symlinked to resolve:


Assumed Write Path


All-in-One WP Migration


The platform is not designed for large backup files, and this plugin can cause your deployment workflows to break. You can download full backups from the Site Dashboard. See below for additional information.




See the Autoptimize section below for other solutions.

Divi WordPress Theme & Visual Page Builder


Remember to repeat this process for each environment, including Multidevs.

NextGEN Gallery


You can override this path on the plugin configuration page (/wp-admin/admin.php?page=ngg_other_options) to use wp-content/uploads/gallery/ instead of creating a symlink.


wp-content/nitropack and advanced.cache.php

Allows for the caching feature to be disabled so that other features, such as optimization, can be used side-by-side.






WPML - The WordPress Multilingual Plugin


Alternate solutions are listed in the WPML section.

WP Fastest Cache


This plugin uses is_dir to verify the target directory, which will return false if the directory is a symlink. This causes a permissions error when deleting cache files.


There are several plugins and themes that have issues on Pantheon due to the way they access files. By defining the FS_METHOD as direct in wp-config.php above the line /* That's all, stop editing! Happy Pressing. */, we can easily avoid these issues:

    define('FS_METHOD', 'direct');

Plugins and Themes with issues resolved (at least partially) by this include:

All-in-One WP Migration

Last reviewed: Nov 30 2020

Issue: All-in-One WP Migration attempts to store all of the environment's code, database, and files in version control. This is too much for git to handle, and will cause all deployments to fail.


There is a very strong possibility this plugin will break the site's workflows, leaving you unable to deploy for a minimum of 24 hours.

Solution: Use the platforms automated backups from the Site Dashboard.

AMP for WP – Accelerated Mobile Pages

Last reviewed: Dec 05 2019

Issue: Enabling the Mobile Redirection feature within AMP for WP sends a session cookie which conflicts with platform-level page caching. See the WordPress support forum for details.

Solution: Disable the option for Mobile Redirection within the AMP for WP options page. Then handle mobile redirection via PHP within wp-config.php, for example:

if ((is_mobile())&&(strrpos($_SERVER['REQUEST_URI'],'amp') == false)) {
  header('HTTP/1.0 301 Moved Permanently');
  header('Location: https://'. $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] .'/amp');

  // Name transaction "redirect" in New Relic for improved reporting (optional).
  if (extension_loaded('newrelic')) {
function is_mobile() {
  if ( empty($_SERVER['HTTP_USER_AGENT']) ) {
          $is_mobile = false;
  elseif ( strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile') !== false // many mobile devices (all iPhone, iPad, etc.)
          || strpos($_SERVER['HTTP_USER_AGENT'], 'Android') !== false
          || strpos($_SERVER['HTTP_USER_AGENT'], 'Silk/') !== false
          || strpos($_SERVER['HTTP_USER_AGENT'], 'Kindle') !== false
          || strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') !== false
          || strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mini') !== false
          || strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mobi') !== false ) {
                  $is_mobile = true;
  else {
          $is_mobile = false;
  return $is_mobile;


Last reviewed: Feb 10 2020

Issue 1: Autoptimize assumes write access to the site's codebase within the wp-content/resources directory, which is not granted on Test and Live environments on Pantheon by design. For additional details, see Using Extensions That Assume Write Access.

Solution: Configure Autoptimize to write files within the standard wp-content/uploads path for WordPress (wp-content/uploads/autoptimize) by adding the following to wp-config.php:

/** Changes location where Autoptimize stores optimized files */

Be sure to add this configuration above the comment to stop editing:

Example of Autoptimize configuration above the stop editing comment

For additional details, see the Autoptimize FAQ. An alternative solution is to create a symbolic link.

Issue 2: Autoptimize attempts to generate the file wp-content/autoptimize_404_handler.php upon activation, and if not present will throw a php warning.

Enabling this setting requires write access and a location directive not configured in platform's Nginx configuration, generating the error:

Warning: file_put_contents(/code/wp-content/autoptimize_404_handler.php):
failed to open stream: Permission denied in /code/wp-content/plugins/autoptimize/classes/autoptimizeCache.php on line 642

Solution: Uncheck Enable 404 fallbacks in the Autoptimize settings page wp-admin/options-general.php?page=autoptimize. The Pantheon Platform does not provide support for custom HTTP server configurations, so file redirects will not work. More information can be found in the redirect files section of Advanced Redirects and Restrictions.

Better Search And Replace

Last reviewed: Sep 27 2019

Issue: Plugin is not accessible in Test or Live (read-only environments in Pantheon) due to the install_plugins capability check of the plugin. Follow this issue on the WordPress support forum.

Solution 1: There is an undocumented filter in place to override the capability check. Adding this in the your theme’s function.php can make it work:

function better_search_replace_cap_override() {
    return 'manage_options';
add_filter( 'bsr_capability', 'better_search_replace_cap_override' );

Solution 2: Use an alternative Search and Replace plugin like WP Migrate DB


Issue: Sessions are implemented in a way that will not allow it to function with the WP Native Sessions plugin, either installed as a regular plugin or an mu-plugin. Follow this issue on the WordPress support forum.

Issue: A low value set for "Check link every X hours" can consume a large amount of server resources.

Solution: Ensure that the value is set for the default of 72 hours or greater.

Caching Plugins

This includes but is not limited to:

Issue: Conflicts with platform-level page caching.

Solution: See Caching: Advanced Topics for details on how to bypass the platform page cache.

Coming Soon

Last reviewed: Oct 03 2018

Issue: Maintenance mode gives the ERR_TOO_MANY_REDIRECTS error in the frontend. This plugin returns the error 503 Header status - Service Temporarily Unavailable which creates a redirect loop. Please see this issue for more details regarding the error.

Solution: This plugin only works in the Coming Soon Mode on Pantheon. You need to add content to the Page Settings > Message, so the Coming Soon page won't appear as a blank page.

Alternatively, if you don't want your site to be crawled by search engines, you can lock it via the platform and you can use a custom lock page.

Contact Form 7

Last reviewed: Aug 21 2021

Issue 1: This plugin relies on $_SERVER['SERVER_NAME'] and $_SERVER['SERVER_PORT'], which pass static values subject to change over time during routine platform maintenance.

Solution: Add the following to wp-config.php:


    $_SERVER['SERVER_PORT'] = 443;
  else {
    $_SERVER['SERVER_PORT'] = 80;

For more details, see SERVER_NAME and SERVER_PORT on Pantheon.

Issue 2: In order to attach or upload files, local file attachments set in the admin panel cannot come from the uploads folder. Therefore, you must direct attachments to a temporary folder.

Solution: You can customize the upload path for the temporary folder using the following:

define( 'WPCF7_UPLOADS_TMP_DIR', WP_CONTENT_DIR . '/uploads/wpcf7_uploads' );

Please note that the temporary folder needs to reside in a folder that can be accessed by Dev, Test, Live, or whichever Multidev you are using.

At this time, this setting alone does not resolve the issue. An issue has been submitted by the community and is being worked on here.

The suggested temporary workaround is to comment out the following code in your /contact-form-7/includes/mail.php file:

# Comment out the following code:
if ( ! wpcf7_is_file_path_in_content_dir( $path ) ) {
  if ( WP_DEBUG ) {
        /* translators: %s: Attachment file path. */
        __( 'Failed to attach a file. %s is not in the allowed directory.', 'contact-form-7' ),
  return false;

Constant Contact Forms

Last reviewed: Aug 24 2018

Issue: The Constant Contact Forms plugin adds dependencies using Composer and provides a .gitignore file which prevents these dependencies from being picked up by Git. This leads to problematic deployments as not all code moves forward to Test and Live.

Solution: Remove .gitignore files from the constant-contact-forms and constant-contact-forms/vendor/psr/log directories.

Disable REST API and Require JWT / OAuth Authentication

Last reviewed: Apr 01 2019

Issue: When this plugin is enabled along with WooCommerce, WP-CLI and Pantheon dashboard workflows like Cache Clear can fail. This issue may not happen for environments where WP-CLI is not installed (local machine, other platforms, etc):

Fatal error: Uncaught Error: Call to undefined method WP_Error::get_data() in /srv/bindings/.../code/wp-content/plugins/woocommerce/includes/cli/class-wc-cli-runner.php:64

For WooCommerce, the CLI runner needs some of the REST endpoints for it to function. The plugin is only allowing a specific set of paths for allowed access.

Solution: In the plugin.php file, edit the if ( ! is_user_logged_in() ) conditional to include a check for CLI PHP requests:

    if ( ! is_user_logged_in() && php_sapi_name() != 'cli' ) {

        // Only allow these endpoints: JWT Auth.
        $allowed_endpoints = array(
    $allowed_endpoints = apply_filters( 'reqauth/allowed_endpoints', $allowed_endpoints );

Divi WordPress Theme & Visual Page Builder

Last reviewed: Oct 09 2020

Issue 1: Divi Themes Visual Page Builder may produce the following error when attempting to edit pages because the page builder is attempting to write to three different nested folders in the web root:

.../data/Utils.php:758  ET_Core_Data_Utils::WPFS():
[ERROR]: Unable to write to filesystem. Please ensure that the web server process has write access to the WordPress directory.

Solution 1: The most reliable solution is to access the Divi Theme Options > Builder > Advanced section and disable Static CSS File Generation.

Solution 2:

  1. Create a symlink.

  2. Define the FS_METHOD in the wp-config.

Issue 2: The WordPress admin dashboard becomes slow when editing posts using Divi.

Solution: When the wp-content/uploads/et-cache directory gets too full, it tends to slow down. Clear the cache from Theme Options > Builder > Advanced > Static CSS File Generation:

A screenshot highlighting the option to clear the Divi cache


Last reviewed: Oct 08 2020

Issue: Elementor Uses the current full URI to link to styled assets, which are invalid when the code is pushed from one environment to another. This path cannot be changed via the WP-CLI search-replace function, or any other search & replace plugin.

Solution: Use the search-replace feature built in to Elementor, found at /wp-admin/admin.php?page=elementor-tools#tab-replace_url.

Event Espresso

Last reviewed: Nov 15 2018

Issue 1: Event Espresso shows the error:

PHP Fatal error: Uncaught EE_Error: An attempt to access and/or write to a file on the server could not be completed due to a lack of sufficient credentials.

Solution: Define FS_METHOD.

Issue 2: Enabling Event Espresso sends a session cookie which conflicts with platform-level page caching.

Solution: Session autostart can be disabled conditionally using FHEE_load_EE_Session filter.


Last reviewed: Oct 15 2019

Issue: FacetWP conflicts with New Relic.

Solution: Disable New Relic when using FacetWP.

Fast Velocity Minify

Last reviewed: Oct 12 2019

Issue: Site suddenly shows a white screen of death.

Solution: Because the binding path can change on our Platform, the cache folder path may change. To manually reconfigure the cache path, go to Fast Velocity Minify's Settings tab, and click Cache Location. Remember to clear the cache from Pantheon and flush the Redis cache.

Force Login

Last reviewed: Jul 26 2018

Issue: This plugin appends a port number using $_SERVER['SERVER_PORT'] at the end of the URL when the user logs in to the site.

Solution: See Set SERVER_PORT Correctly.

Last reviewed: Feb 20 2020

Issue: This plugin sends two set-cookie headers in each response, which breaks caching on Pantheon's Global CDN. For example:

curl -I https://www.example.com
HTTP/2 200
cache-control: public, max-age=600
content-type: text/html; charset=UTF-8
server: nginx
set-cookie: cookielawinfo-checkbox-necessary=yes; expires=Thu, 20-Feb-2020 17:31:51 GMT; Max-Age=3600; path=/set-cookie: cookielawinfo-checkbox-non-necessary=yes; expires=Thu, 20-Feb-2020 17:31:51 GMT; Max-Age=3600; path=/x-pantheon-styx-hostname: styx-fe1-a-789d66bff9-tztp6
x-styx-req-id: 7f93c166-53fe-11ea-803e-b26d7703e33f
date: Thu, 20 Feb 2020 16:31:51 GMT
x-served-by: cache-mdw17379-MDW, cache-chi21146-CHI
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1582216311.492451,VS0,VE204
vary: Accept-Encoding, Cookie, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish

Solution: Several users have reported that upgrading to the premium version of this plugin and disabling the included script blocker fixed the issue. For additional support, work with the plugin maintainers and review related documentation for the premium version.


Last reviewed: Nov 05 2019

Issue: Adding new libraries or content types from the H5P hub through the admin interface (or uploading large files from slow internet connections) can hit our max execution timeout, resulting in a 504 error:

H5P Timeout Error

While not a solution, re-running the Install process multiple times may result in success. You can also attempt to upload .hp5 files from your local computer. If local uploads hit the timeout, please try from a faster connection.


Last reviewed: Oct 01 2019

Issue 1: Installing the InfiniteWP admin panel on a Pantheon hosted site is not possible, because the plugin hardcodes the database credentials and uses a custom port in the URL. Our platform offers database credentials and offers them as an environment variable, and does not allow web access on ports other than 80 and 443.

Issue 2: Cannot remotely update core, or install/update themes and plugins in the Test and Live environments.

Solution: Due to the read only nature of Test and Live environments, remote updates can only be done in Dev, then deployed to Test and Live environment. Consider using a Custom Upstream or WP Site Network instead if you are deploying similar codebase, theme and plugins for a group of sites hosted on Pantheon.


Issue: The Instashow plugin relies on query parameters that are not compatible with Pantheon's Edge Cache. See PANTHEON_STRIPPED for more information. This inhibits the ability to set the authorization token required to make the plugin function.

iThemes Security

Last reviewed: Feb 10 2020

Issue 1: The "File Change Detection" check in iThemes Security warns site admins when files are modified. On Pantheon, automated backups will trigger this warning.

Solution: Disable the "File Change Detection" component of the plugin. Code files in the Test and Live environments are not writable, so this is not a security risk on Pantheon.

Issue 2: iThemes Security attempts to modify nginx.conf, .htaccess and wp-config.php. Components that need write access to these files will not work since nginx.conf cannot be modified and code files on the Test and Live environments are not writable.

Solution: Modifications to wp-config.php should be done in Dev or Multidev environments, then deployed forward to Test and Live.

ManageWP worker

Last reviewed: Oct 12 2018

Issue 1: Error when adding a site in the ManageWP dashboard:

Site could not be added - Bad HTTP response (403 Forbidden)

This error sometimes leads users to believe that ManageWP's IP addresses need to be allowlisted on the platform.

Solution: Pantheon does not block any IPs, and there is nothing that would require an allowlist. Most likely there is a security plugin that temporary blocks the connection, or a conflicting plugin like those listed here. Temporary disable all other plugins, or the security plugins, then try adding your site again. For full troubleshooting, consult the ManageWP troubleshooting page.

Issue 2: Cannot remotely update core, or install/update themes and plugins in the Test and Live environments.

Solution: Due to the read only nature of Test and Live environments, remote updates can only be done in Dev, then deployed to Test and Live environment. Consider using a Custom Upstream or WP Site Network instead if you are deploying similar codebase, theme and plugins for a group of sites hosted in Pantheon.

Issue 3: Cannot remotely update core, or install/update theme and plugins in the Dev environment.

Solution: Make sure you are in SFTP mode instead of Git mode.

Monarch Social Sharing

Issue: Seems to break WP-CLI, which is used by many of our workflows (clone, clear cache).

New Relic Reporting for WordPress

Last reviewed: May 08 2019

Issue: This plugin sets up redundant configurations (appname and framework) with the New Relic® Performance Monitoring configuration, resulting in new applications in New Relic. This behavior may break compatibility with New Relic integrations such as QuickSilver scripts.

Last reviewed: Dec 06 2019

Issue: This plugin stores full file paths to the options table, which breaks across multiple application containers.

Solution: A user patch has been submitted to the plugin maintainers.


Last reviewed: Dec 19 2019

Issue: This plugin adds a cache-busting cookie (ex. pll_language=en) for each request.

Solution: Define the constant PLL_COOKIE to false in wp-config.php to remove the cookie:

define('PLL_COOKIE', false)

The value of PLL_COOKIE defaults to pll_polylang. This defines the name of the cookie used by Polylang to store the visitor's language. When PLL_COOKIE is set to false, Polylang does not set any cookie. Be aware that in this case some features of the plugin may not work completely. For example, the login page will not be translated.

See the plugin documentation for more information on its PHP constants.

Posts 2 Posts

Last reviewed: Dec 10 2020

Issue: Posts 2 Posts can have incompatible index values for meta_key on database tables when installed on a site imported from a host using 3-byte character sets, resulting in the following error on import:

Index column size too large. The maximum column size is 767 bytes

Solution: You can apply this patch to ensure new tables created by the plugin use the supported meta_key(191) index value. You can fix existing tables via the MySQL commandline, for example:

ALTER TABLE wp_18_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_29_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_30_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_31_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_33_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));

Query Monitor

Issue: Creates a symlink with an absolute path, which will only work on the appserver where the plugin was installed. The plugin is not fully designed for cloud or multi server environments.

Alternatives: Pantheon has tools in place to monitor database queries:

Object Sync for Salesforce

Last reviewed: Aug 24 2018

Issue: The Object Sync for Salesforce plugin adds dependencies using Composer, and one of these dependencies provides a .gitignore file which prevents files from being picked up by Git. This leads to problematic deployments as not all code moves forward to Test and Live.

Solution: Remove the .gitignore file from the object-sync-for-salesforce/vendor/pippinsplugins/wp-logging directory.


Last reviewed: Jul 19 2021

Issue 1: Customers have reported issues with 404 logging creating large database tables, reducing site performance.

Solution: Consider using PHP code to set up your redirects. See Configure Redirects for more information.

Issue 2: Redirection prefers $_SERVER['SERVER_NAME'] over $_SERVER['HTTP_HOST'] for URL and server redirects. By default, $_SERVER['SERVER_NAME'] returns Pantheon's internal server name and not the current hostname. As a result, Redirection's "URL and server"-based redirects never match.

Solution: In wp-config.php, add the following above the line /* That's all, stop editing! Happy Pressing. */:

// to allow the Redirection plugin to work when using
// "URL and server" based redirects. By default,
// $_SERVER['SERVER_NAME'] returns Pantheon's internal
// server name and not the current hostname, as a
// result, Redirection's "URL and server"-based
// redirects never match.

Visit the SERVER_NAME and SERVER_PORT on Pantheon doc for more information about how to use HTTP_Host on Pantheon.


This workaround may potentially break other functionality that depends on the default Pantheon return value for $_SERVER['SERVER_NAME'].

Revive Old Post

Issue: Revive Old Post does not set a proper callback via OAuth and the Twitter module. It attempts to use ['SERVER_NAME'] instead of the recommended ['HTTP_HOST']. Visit the SERVER_NAME and SERVER_PORT on Pantheon doc for more information about ['HTTP_HOST'].

SendGrid Subscription Widget

Last reviewed: Oct 13 2018

Issue: The email confirmation link sent from the Subscription Widget goes to a redirect loop (see the open issue on wp.org). The link created uses a URL GET parameter __sg_api, which has double underscores. The platform strips this type of parameter to improve caching performance.

Solution: Manually change the the parameter __sg_api to any variable (like sg_api) without double underscores as prefix in the following lines of sendgrid-email-delivery-simplified/lib/class-sendgrid-mc-optin.php:

  • Line 25: $vars[] = '__sg_api';
  • Line 40: if( isset( $wp->query_vars['__sg_api'] ) )
  • Line 146: $confirmation_link = site_url() . '/?__sg_api=1&token=' . $token;


This workaround may potentially break again with the next plugin update, and you will need to manually reapply the modification.

Slider Revolution

Last reviewed: Oct 01 2020

Issue: Slider Revolution video backgrounds will not auto-play when added to a layer, and throws this error in the Javascript console:

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube.com') does not match the recipient window's origin ('https://<env>-example.pantheonsite.io').

The plugin generates the site's URL using $_SERVER['SERVER_NAME'] instead of $_SERVER['HTTP_HOST']. Due to the dynamic nature of Pantheon's cloud architecture, $_SERVER['HTTP_HOST'] is considered best practice.

Solution: Add the following line to wp-config.php:


SmartCrawl Pro

Last reviewed: Oct 17 2018

Issue: The sitemap URL linked by the plugin produces a 500 Internal Server Error on Test and Live environments. This results in a PHP error: class not found WP_Filesystem_Direct. See more details about the issue.

Solution: Define FS_METHOD.

Alternative plugins that have an XML sitemap feature that works well on the platform include:


Issue: TimThumb is no longer supported or maintained.

TubePress Pro

Issue: Sites running PHP version 5.3 produce a WSOD after activating this plugin.

Solution: Upgrade your site's PHP version to 5.5, 5.6, or 7.0.

Unbounce Landing Pages

Last reviewed: Feb 13 2019

Issue: Click to call conversions aren't tracking even if the pages are not cached because the cookies are being stripped.

Solution: Usually these type of issues can be solved if the cookie name can be renamed with a prefix starting with STXKEY_, but it is inadvisable to modify the plugin directly. It is suggested by the Unbounce team to separate your Pantheon site domain (eg. example.com) and the Unbounce landing page in a subdomain (e.g., unbounce.example.com), because your Unbounce landing pages can't live at exactly the same URL as your homepage. See the outlined solution here or get in touch with Unbounce support for more help.

UNLOQ Two Factor Authentication (2FA)

Last reviewed: Oct 08 2018

Issue: This widget does not work on this domain error message shown after deploying plugin across environments on Pantheon. This is because the API credentials used on the original environment are being used on a new environment URL, which is not allowed by the plugin. This is by design.

Solution: Manually change unloq_credentials key in thewp_options table. Alternatively, you can re-create an application by resetting your plugin installation (deactivate, delete entries, etc.).

For an alternative 2FA plugin, see Secure Your Site with Two-Factor Authentication.

Unyson Theme Framework

Last reviewed: Oct 05 2018

Issue: This plugin has an internal extension system which installs additional files aside from the plugin itself. Some of those extensions have an additional .gitignore file that prevents it from being deployed to Test and Live environment. See this GitHub issue for more information.

Solution: When using these Unyson Extensions, manually delete the .gitignore files in the corresponding locations:

Page builder:

  • wp-content/plugins/unyson/framework/extensions/shortcodes/.gitignore
  • wp-content/plugins/unyson/framework/extensions/shortcodes/extensions/page-builder/.gitignore

WordPress Shortcodes:

  • wp-content/plugins/unyson/framework/extensions/shortcodes/.gitignore

Translate Press:

  • wp-content/plugins/unyson/framework/extensions/shortcodes/.gitignore


  • wp-content/plugins/unyson/framework/extensions/events/.gitignore


  • wp-content/plugins/brizy/vendor/twig/twig/.gitignore

Visual Composer: Website Builder

Last reviewed: Aug 27 2018

Issue: This plugin fails to download additional assets during the internal plugin activation procedure on Test and Live environments.

Solution 1: New sites, without existing Test and Live environments: If this plugin is installed and activated on a new site before the Test and Live environments are created, it will properly transfer all assets and database settings to the additional environments.

Solution 2: Sites with existing Test and Live environments: To activate the plugin on sites with existing Test and Live environments, define FS_METHOD.

WebP Express

Last reviewed: Aug 25 2019

Issue: WebP Express assumes write access to paths in the codebase that are write-only in non-dev environments. Because the plugin uses is_dir to check for the path, a symlink to files/ does not resolve the issue.

Weather Station

Issue: This module uses php-intl, which is not currently supported by Pantheon.


Last reviewed: Jan 10 2018

Issue: The "batch upload" process can fail during large uploads. The platform has a 120 second timeout limit for scripts, and large upload processes can hit this limit.

Solution 1: The suggested workaround is to clone the site locally, import the items, then sync the database back up to the platform.

Solution 2: If you don't have a local copy, SFTP into any environment's wp-content/uploads folder and upload the CSV file that you wish to import. Under the advanced settings of the WooCommerce import, specify the exact path where you uploaded the CSV file and import from there:

Enter the path to the CSV on the Import products from a CSV file page

There is a feature request on WooCommerce's GitHub page for a WP-CLI import command which would be less prone to timeouts. To express your interest to the developers, click the thumbs up on the feature request.

Issue 2: A change introduced in WooCommerce 3.6.0 breaks template loading in environments with multiple application containers.

Solution: The issue and a few workarounds possible are described in this WooCommerce Issue We hope this issue will result in future code changes to WooCommerce so mitigations are not needed.


Issue 1: This plugin checks WP_MEMORY_LIMIT, which defaults to 40MB, instead of ini_get('memory_limit'), creating this notice:


Solution: Add the following line to wp-config.php:

  define('WP_MEMORY_LIMIT', '256M');


Last reviewed: Jul 15 2020

Issue: Wordfence assumes write access to several files in the codebase to store configuation and log files.

Solution: Prepare your environment before installing Wordfence with the proper symlinks and configuration files:


This process uses Terminus commands. Before we begin, set the variables $site and $env in your terminal session to match your site name and the Dev (or Multidev) environment:

export SITE=yoursitename
export ENV=dev
  1. Set your Dev (or Multidev) environment to Git connection mode:

    terminus connection:set $SITE.$ENV git
  2. If you haven't already, clone your site's codebase locally. You can get the path to your codebase from the Site Dashboard:

    git clone ssh://codeserver.dev.xxx@codeserver.dev.xxx.drush.in:2222/~/repository.git my-site
  3. From the codebase directory, create the following symlinks:

    ln -s ../../files/private/wflogs ./wp-content/wflogs
    ln -s ../files/private/wordfence-waf.php ./wordfence-waf.php
    ln -s ../files/private/.user.ini ./.user.ini
  4. Open pantheon.yml and add a protected web path for .user.ini:

      - /.user.ini
  5. Set the FS_METHOD to direct in wp-config.php.

  6. Commit and push the changes to the platform:

    git add .
    git commit -m "Prepare environment for Wordfence"
    git push origin master #Or Multidev branch name
  7. Create the empty files wordfence-waf.php and .user.ini to push to the site. In this example, we're using touch to create them in the /tmp directory:

    touch /tmp/wordfence-waf.php /tmp/.user.ini
  8. Connect to your environment over SFTP, create the required directories, and push the new files. You don't need to switch the environment back to SFTP mode, since you're not changing anything in the codebase. You can get the SFTP path from the Site Dashboard under Connection Info.
    Complete this step in Dev, Test, and Live Environments.

    sftp -o Port=2222 env.UUID@appserver.env.UUID.drush.in
    mkdir files/private
    mkdir files/private/wflogs
    put /tmp/wordfence-waf.php /files/private
    Uploading /tmp/wordfence-waf.php to /files/private/wordfence-waf.php
    /tmp/wordfence-waf.php                           100%    0     0.0KB/s   00:00    
    put /tmp/.user.ini /files/private/
    Uploading /tmp/.user.ini to /files/private/.user.ini
    /tmp/.user.ini                                   100%    0     0.0KB/s   00:00    
  9. Set the environment connection mode to SFTP, then install and activate Wordfence. You can do both with Terminus:

    terminus connection:set $SITE.$ENV sftp
    [notice] Enabled on-server development via SFTP for "env"
    terminus wp $SITE.$ENV -- plugin install --activate wordfence
    Installing Wordfence Security – Firewall & Malware Scan (7.4.9)
    Warning: Failed to create directory '/.wp-cli/cache/': mkdir(): Read-only file system.
    Downloading installation package from https://downloads.wordpress.org/plugin/wordfence.7.4.9.zip...
    Unpacking the package...
    Installing the plugin...
    Plugin installed successfully.
    Activating 'wordfence'...
    Warning: fopen(/code/wp-content/wflogs/rules.php): failed to open stream: No such file or directory in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 325
    Warning: flock() expects parameter 1 to be resource, bool given in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 326
    Warning: include(/code/wp-content/wflogs/rules.php): failed to open stream: No such file or directory in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 328
    Warning: include(): Failed opening '/code/wp-content/wflogs/rules.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 328
    Warning: flock() expects parameter 1 to be resource, bool given in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 329
    Warning: fclose() expects parameter 1 to be resource, bool given in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 330
    Plugin 'wordfence' activated.
    Success: Installed 1 of 1 plugins.
    [notice] Command: wordpress-docs-testbed.waf5 -- wp plugin install [Exit: 0]

    You can safely ignore the warning messages.

  10. Navigate to the Wordfence plugin in the site's WordPress Admin and Resume Installation if prompted, or click CLICK HERE TO CONFIGURE. The plugin requires that you download .user.ini to continue. As this file is blank at this point, you can delete it after downloading.

Issue: When enabling the Web Application Firewall (WAF), it can result in an "Error Connecting to the Database" message, in which the Wordfence plugin generates a bad wordfence-waf.php file.

Solution: To mitigate this issue, replace /code/wordfence-waf.php with /code/includes/prepend.php. Change the following code on wordfence-waf.php from:

if (file_exists('/code/wordfence-waf.php')) {
include_once '/code/wordfence-waf.php';


if (file_exists('/code/includes/prepend.php')) {
        include_once '/code/includes/prepend.php';

WordPress Social Login

Issue 1: This plugin attempts to access PHP native sessions before WordPress has been bootstrapped, which prevents the Pantheon PHP native sessions plugin from being called. This leads to a 500 error when authenticating with external services.

Solution: While not recommended, you can add the following lines to wp-config.php before the first call to session_start:

if (defined( "PANTHEON_BINDING" )) {
  include_once( "/srv/bindings/". PANTHEON_BINDING ."/code/wp-blog-header.php" );

You will need to make this change every time the plugin is updated.

Issue 2: This plugin creates a session on every page, which can prevent page level caching.

WP Rocket

Last reviewed: Oct 19 2020

Issue 1: As with other caching plugins, WP Rocket conflicts with Pantheon's Advanced Page Cache. The caching feature can be disabled so other features like file optimization, media, etc. can be used side-by-side. Note that if not disabled, WP Rocket will auto-create the advanced-cache.php file.


  1. In SFTP mode, install the WP Rocket plugin to the dev environment by uploading via SFTP or from the WP dashboard.

  2. Activate the plugin from the dashboard.

  3. Disable WP Rocket caching by finding the WP_CACHE value defined by WP-Rocket in wp-config.php, and setting it to false:

    define('WP_CACHE', false);
  4. Optional on writable environments: The WP Rocket plugin automatically tries to set WP_CACHE to true in wp-config.php, if it is writable. To prevent this behavior on Dev and Multidev environments, you can optionally add this helper plugin, which disables the attempted write.

Issue 2: WP rocket assumes write access to read-only file paths in Pantheon.

Solution 1: WP version 3.5 and higher allows setting a custom cache folder and config path:

define( 'WP_ROCKET_CONFIG_PATH', $_SERVER['DOCUMENT_ROOT'] . '/wp-content/uploads/wp-rocket-config/' );
define( 'WP_ROCKET_CACHE_ROOT_PATH', $_SERVER['DOCUMENT_ROOT'] . '/wp-content/uploads/new-path/cache/' );

Version 3.2 through 3.4 allows setting only the cache path, and still requires a symlink for the other paths (see below).

Solution 2: Create symlinks as noted above.

After symlinking, make sure to manually create these folders in ALL environments.




WPBakery: Page Builder

Last reviewed: Sep 14 2018

Issue: The Custom CSS and Design Options pages of the plugin (?page=vc-custom_css, ?page=vc-color) try to create new files when saved. Due to problems related to incorrect FS_METHOD, files are not created or saved in the expected folder, wp-content/uploads/js_composer.

Solution: Define FS_METHOD.

WPFront Notification Bar

Last reviewed: Oct 20 2020

Issue: WPFront Notification Bar sends a set-cookie header in each response, which breaks caching on Pantheon's Global CDN. For example:

curl -I https://www.example.com
HTTP/2 200
cache-control: public, max-age=600
content-type: text/html; charset=UTF-8
link: <https://www.example.com/wp-json/>; rel="https://api.w.org/"
link: <https://www.example.com/wp-json/wp/v2/pages/47>; rel="alternate"; type="application/json"
link: <https://www.example.com/>; rel=shortlink
server: nginx
set-cookie: wpfront-notification-bar-landingpage=1strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe1-a-789d66bff9-tztp6
x-styx-req-id: 7f93c166-53fe-11ea-803e-b26d7703e33f
date: Tue, 20 Oct 2020 21:16:09 GMT
x-served-by: cache-mdw17356-MDW
x-cache: MISS
x-cache-hits: 0
x-timer: S1603228567.134579,VS0,VE2847
vary: Accept-Encoding, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish

Solution: You can apply this patch to disable landing page tracking and fix caching.

WP All Import / Export

Last reviewed: Jun 15 2020

Issue 1: Large batch processes can fail if they take longer than the platform will allow. See Timeouts on Pantheon for more information.

Solution: To avoid hitting a timeout, you can try:

  • Clean up temporary files

  • Lower the chunk size to fewer than 100 records:

    A screenshot showing the Chunk Size setting under Advanced Settings for WP Import All

  • Cron Processing Time Limit should be set not more than 50 seconds to be safe with the 59 second platform PHP timeout.

  • Set the plugin to only process 1 record at a time:

    A screenshot of the Iterative, Piece-by-Piece processing option under Advanced Settings for WP Import All

The optimal number of records to process at one time depends on how many post_metas and custom functions are associated with each post imported.

  • Instead of importing one large file, it is best to set it up as recurring cron import as outlined in WP All Import's documentation.

  • If this will be a recurring import, increasing this number may help speed the completion of the task.

  • For busy sites while doing recurring cron, you can add cron sleep of at least 10 seconds to free up some php workers on recurring cron imports.

Issue 2: Getting invalid file paths when importing / exporting on environments with multiple appservers like test and live.

Solution: Upload the import file directly to the plugin's designated writable path wp-content/uploads/wpallimport/files/. When creating a new import using existing file, the file uploaded should appear there as an option.

Issue 3: Upload count does not match the import file.

Solution: Under WP All Import Settings:

  • Check the Enable Stream Reader
  • Cron Processing Time Limit should be set not more than 50 seconds
  • Clean up temporary files
  • Lower the chunk size to less than 100


Last reviewed: Feb 23 2021

Issue: WP-Ban returns a 200-level response code to banned IPs. These responses are cached and count towards Site Visits. In addition, the Pantheon Global CDN may cache the result as successful, leading future visitors to think they've also been banned.

Solution: See the doc on how to Investigate and Remedy Traffic Events for alternative methods.

WP Migrate DB

Last reviewed: Oct 17 2018

Issue: On Test and Live environments, the Compatibility settings cannot be configured because this feature requires write access to wp-content/mu-plugins. This issue prevents plugins from being included in DB exports and search-and-replace tasks.

Solution: The normal search-and-replace and DB export functions of this plugin work, but will leave all plugins disabled while in operation. If a specific plugin is required to remain active during the DB export and search-and-replace operations, add a filter for it as described in the plugin's debugging page.

WPML - The WordPress Multilingual Plugin

Last reviewed: Oct 22 2019

Issue 1: Locking an environment prevents WPML from operating and returns the following error: It looks like languages per directories will not function.

Solution: Make the environment public within the Site Dashboard. For details, see Security on the Pantheon Dashboard.

Issue 2: When registering the plugin, accessing /wp-admin/plugin-install.php?tab=commercial returns "Sorry, you are not allowed to access this page".

Solution: Activate the plugin individually for each environment you want to use the plugin with, as it requires a separate key for each domain. Instead of clicking on Purchase a subscription or enter an existing site key, use the Configure WMPL button:

The Configure WMPL Button

You can also add the registration keys to wp-config.php:

define( 'OTGS_INSTALLER_SITE_KEY_WPML', 'your-site-key' );

Learn more in the WPML Guide.

Issue 3: Upon activating WPML String Translation plugin, you may see this error:

WPML String Translation is attempting to write .mo files with translations to folder:


This folder appears to be not writable. This is blocking translation for strings from appearing on the site. To resolve this, please contact your hosting company and request that they make that folder writable. For more details, see WPML's documentation on troubleshooting .mo files generation.

Solution 1:

  1. In wp-config.php, add the following above the line /* That's all, stop editing! Happy Pressing. */:

    define('WP_LANG_DIR', $_SERVER['HOME'] .'/files/languages');
  2. Create the languages directory inside /files for each environment.

Solution 2:

Create a symlink for wp-content/languages pointing to wp-content/uploads/languages. See Using Extensions That Assume Write Access for more information.

Yoast SEO

Last reviewed: Jun 12 2018

Issue: The redirects for Yoast SEO setting will detect two options for redirect methods, "PHP", and "Web Server". The Web Server option expects write access to the nginx.conf file, which is not writable on Pantheon.

Solution: Only use the "PHP" redirect method.

YotuWP Easy YouTube Embed

Last reviewed: Nov 27 2019

Issue: The plugin asks for SFTP credentials after installation.

Solution: Define FS_METHOD.

WordPress Themes

Self-Updating Themes

Several WordPress themes, including Jupiter, Nanosoft, and Uncode, present a form requesting FTP credentials in order to automatically update its components. This will appear on Dev, Test and Live environments and can be hidden with CSS, but is still present.

The form can be disabled by adding the following to wp-config.php, above the line /* That's all, stop editing! Happy Pressing. */:

/** Disable theme FTP form */
define('FS_METHOD', 'direct');
define('FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
define('FS_CHMOD_FILE', ( 0755 & ~ umask() ) );
define('FTP_BASE', __DIR__);
define('FTP_CONTENT_DIR', __DIR__ .'/wp-content/');
define('FTP_PLUGIN_DIR', __DIR__ .'/wp-content/plugins/');


Last reviewed: Jun 19 2019

Issue: This theme throws a PHP Fatal error in its settings page for Dev's and Multidev's Git mode, Test and Live.

Solution: This theme assumes write access to theme folders wp-content/themes/uncode/core/assets/css and wp-content/themes/uncode/library/css for it to work properly in git mode. For additional details, see Using Extensions That Assume Write Access.

WordPress Functions


Issue: Adding a submenu page to the Tools main menu using WordPress roles and capabilities that would read or write files to core, themes, or plugins, is not supported.

For example, the install_plugins capability isn't present on the Test or Live environment, therefore menus created with it will not display. For example:

hook = add_management_page( 'My WP Tool Page', 'My WP Tool',
  'install_plugins', 'mywptool', array( $this, 'admin_page' ), '' );

add_action( "load-$hook", array( $this, 'admin_page_load' ) );

This is because write permissions are restricted in Test and Live per the Pantheon Workflow.

Solution: You can use another capability such as read_private_posts instead.

The list of WordPress roles and capabilities that should not be relied upon include:

  • update_core
  • update_plugins
  • update_themes
  • install_plugins
  • install_themes
  • upload_plugins
  • upload_themes
  • delete_themes
  • delete_plugins
  • edit_plugins
  • edit_themes


Issue: The function wp_filesystem->get_contents() can fail when an environment is in Git mode (as Test and Live always are) because it is aware of filesystem-level permissions which are restricted in this mode.

Solution: As described in this StackExchange answer, for cases where file ownership doesn't matter this function could be replaced with file_get_contents(). This is true of most cases where the file in question is only being read, not written to.

Other Issues

Plugins and themes will not work on Pantheon if they:

  • Require Apache.
  • Require customized .htaccess files.
  • Need to modify Nginx configuration files.
  • Require PostgreSQL or other non-MySQL compatible databases.